chardev socket permissions

[ib.pl]

Hello,

I can see 755 mode on monitor socket (100.qmp) on PVE2.1 installation:

# ls -la /var/run/qemu-server
-rw------- 1 root root 5 Sep 10 04:01 100.pid
srwxr-xr-x 1 root root 0 Sep 10 04:01 100.qmp
srwxr-x--- 1 root root 0 Sep 10 04:01 100.vnc
​

Is is safe or should be rather 700 or 750? If so - where one should change it to do it pve compatible way?

Regards,
Pawel

 

[dietmar]

I guess that is safe

 

[ib.pl]

Dietmar,

Thanks for quick reponse!

Hypervisor is rather sensitive thing, so - will

chmod 700 /var/run/qemu-server

break something in a way PVE works (now is 755) or may be applied safely?

Do all legitimate PVE procs use root privileges to access those sockets or any other tech accounts need access there?

Regards,
Pawel

 

[dietmar]

Do all legitimate PVE procs use root privileges to access those sockets or any other tech accounts need access there?

You cant access anything, because there are no write permission (or do I miss soemthing)?

 

[dietmar]

Anyway, will try to reduce permission with next version.